I am having a problem with verifying xades signature made to xml document.
I use your sampel program, check both "Enable xades options" and "production place". Then i fill all entries with "testsign". Finally i select my signing certificates. A signed document gets generated and saved, but then when i try to verify the signature, it fails. I try to use for it both an online service [URL=http://www.globaltrustfinder.com/XMLSignatureVerificationStep1.aspx]Service[/URL]
and some application (in polish)
[URL=http://www.sigillum.pl/sig-cmsws/page/GetFile.aspx?cfid=185&fn=SigillumSign3.0.0.27_2009_05_11.zip]App link[/URL]
signed xml is attached. Could you please help with this issue? I guess some part of signature is wrong/missing

It seems that this online service accept Enveloping signatures only. And it doesn't understand X509IssuerSerial and X509SubjectName elements in the X509Data element.
So, set the following options:
Signer.SignatureType := xstEnveloping;
X509KeyData.IncludeDataParams := [xkidX509Certificate];

thanks for help. there is one more thing - it seems that the application i've mentioned has a problem with linefeed. when i try to use the app to verify some xml everything goes well. but after opening the same file in visual studio and saving it with no modification, it fails verification. i think that the reason why i cant verify xml signed by simplesigner is the linefeed. can you suggest any way how to control linefeed during file writing?

As I can see from your xml document you are using Normalize newline characters option. So, I can only suggest to completely remove whitespace characters from the signature, to do this comment lines with: Signer.OnFormatElement and OnFormatText

I have found on the net an exampel of a xml that is accepted by Sigillum. I would really appreciate if you could tell me which options set in simplesigner to obtain a document recognizable by sigillum.

To use sigillum, download the app, run it and there is a button 'Otworz' in the bottom right corner. It opens a xml doc. After that goto tab 'Podpisi'

Whenever i go to 'Podpisy' after loading doc signed by SImpleSigner, there is a cert with red cross. but after loading xml that i attach to this post, there is a cert with yellow triangle - i would like to get to this point.

Also, this application doesn't like signature formatting, so simply remove assignment of Signer.OnFormatElement and Signer.OnFormatText events.
And add the following line to not to include RSAKeyValue element:
X509KeyData.IncludeKeyValue := False;

Did you manage to sign a xml with modified simplesigner so that it was recognized by sigillum?

Not exactly, it reports now: "Podano b³êdn¹ wartoœæ parametru." Attached the signed xml document.
At least the signature is recognized by sigillum now.
It is possible that sigillum application requires a specific certificate to be used for singning. Or the structure of the signature should be the same as in the sample you gave me (for example fill an Id attributes).

P.S. The digest value of the signature policy is calculated over SigPolicyId\Identifier element. If Identifier element contains an URI, then the hash is calculated on the downloaded file (for example using TElHashFunction class), in most cases you can cache the digest value.

We use cookies to help provide you with the best possible online experience. By using this site, you agree that we may store and access cookies on your device. You can find out more about and set your own preferences here.